Environment:
There is a load-balancer (Netscaler) at the front-end where HTTPS is terminated. The HTTP traffic is then load-balanced to the WLS cluster. The load-balancer is configured to add the WL-Proxy-SSL and WL-Proxy-Client-IP headers to the HTTP request.
The nature of the environment means that HTTP is not enabled on the load-balancer.

The following observations were found.

1. The standard WebLogic plugins add into the request header multiple WL-Proxy headers prior to sending the request to the WebLogic server.
2. When testing with a generic test proxy implementation that only adds WL-Proxy-SSL header, the protocol is not returned properly.
3. When testing with a generic test proxy implementation that adds WL-Proxy-SSL header and a dummy WL-Proxy-Dummy-Header, the protocol is correct. The order in which the WL-Proxy-SSL header and WL-Proxy-Dummy-Header is important. The WL-Proxy-SSL header cannot be the last header.

A dummy header is added to the load-balancer to ensure that the WL-Proxy-SSL header is not the last header. If we add: